From: Joe Orton <jorton@apache.org>
Date: Wed, 16 Mar 2011 16:32:04 +0000 (+0000)
Subject: * modules/ssl/ssl_engine_kernel.c (ssl_hook_ReadReq): Compare SNI
X-Git-Tag: 2.3.12~222
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7075b21843b8921962a17b05711f01c1dfc2ffed;p=thirdparty%2Fapache%2Fhttpd.git

* modules/ssl/ssl_engine_kernel.c (ssl_hook_ReadReq): Compare SNI
  hostname against Host header case-insensitively.

PR: 49491
Submitted by: Mayank Agrawal <magrawal.08 gmail.com>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1082189 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 628f01d7266..fdc20dcf09f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@
 
 Changes with Apache 2.3.12
 
+  *) mod_ssl: Check SNI hostname against Host header case-insensitively.
+     PR 49491.  [Mayank Agrawal <magrawal.08 gmail.com>]
+
   *) mod_ldap: Add LDAPConnectionPoolTTL to give control over lifetime
      of bound backend LDAP connections.  PR47634 [Eric Covener]
    
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index e8df047352d..d50214bc764 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -202,7 +202,7 @@ int ssl_hook_ReadReq(request_rec *r)
         if (rv != APR_SUCCESS || scope_id) {
             return HTTP_BAD_REQUEST;
         }
-        if (strcmp(host, servername)) {
+        if (strcasecmp(host, servername)) {
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
                         "Hostname %s provided via SNI and hostname %s provided"
                         " via HTTP are different", servername, host);